<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html> 
<head>
<title>Permissions Sample</title>
<link rel="stylesheet" type="text/css" href="../../../../docs/rotor.css">
</head>

<body>		


<h1> Permissions Sample</h1>


<h2>Sample Overview</h2>


<p>This sample demonstrates using the Code Access 
Security Policy tool (caspol.exe) to change machine-level settings, and creating and using a custom 
permissions object.</p>

<h2>Sample Source and Build Output Locations</h2>


<p>The sample source is found in sscli20\samples\howto\security\permissions.</p>


<p>The files included with the sample are:</p>


<ul>
  <li><b>permissions directory</b><ul>
  <li>exclusive.bat<ul>
  <li>Used after  setpolicy.bat to demonstrate the difference 
      between turning the Exclusive permission on or off.</li>
</ul>

  </li>
  <li>exclusive.sh<ul>
  <li>Same as the batch file, but to be used on UNIX system-based platforms.</li>
</ul>

  </li>
  <li>names.txt<ul>
  <li>Text file accessed by the namestore assembly to store names.</li>
</ul>

  </li>
  <li>permissions_sample.html<ul>
  <li>This documentation.</li>
</ul>

  </li>
  <li>setpolicy.bat<ul>
  <li>Used to change the code  access security policy at the User level from FullTrust to 
      Everything.&nbsp;This allows the permission sample to demonstrate various 
      behaviors that will not occur under FullTrust.</li>
</ul>

  </li>
  <li>setpolicy.sh<ul>
  <li>Same as the batch file, but to be used on UNIX system-based platforms.</li>
</ul>

  </li>
  <li><b>authorized directory</b><ul>
    <li><a href="authorized/authorized.cs">authorized.cs</a><ul>
      <li>The source code for the authorized application.&nbsp;The application will be granted the 
      authorization to assert the custom myperm permission.</li>
    </ul>
    </li>
    <li>authorized.snk<ul>
      <li>The source for the assembly key for the authorized application. The public key from this file  is used to grant permissions to 
      the application.</li>
    </ul>
    </li>
  </ul>
  </li>
  <li><b>myperm directory</b><ul>
    <li><a href="myperm/myperm.cs">myperm.cs</a><ul>
      <li>The source code for the myperm custom permissions assembly. This 
      assembly will be installed in the global assembly cache  during 
      build.&nbsp; It must be in the global assembly cache for the Code Access 
      Security Policy tool to correctly 
      register it for use as a custom permission.</li>
    </ul>
    </li>
    <li>myperm.snk<ul>
      <li>The key file for the myperm assembly.</li>
    </ul>
    </li>
    <li><a href="myperm/myperm.xml">myperm.xml</a><ul>
      <li>An XML serialization of the myperm assembly. Used by the Code 
      Access Security Policy tool to 
      install the custom permission.</li>
    </ul>
    </li>
  </ul>
  </li>
  <li><b>namestore directory</b><ul>
    <li><a href="namestore/namestore.cs">namestore.cs</a><ul>
      <li>The source code for the namestore intermediate assembly. This is used 
      by both the authorized and unauthorized applications to access the 
      names.txt file.&nbsp; The constructor for the NameStore object issues a 
      Demand for the myperm permissions object.</li>
    </ul>
    </li>
    <li>namestore.snk<ul>
      <li>The key file for the namestore assembly.</li>
    </ul>
    </li>
  </ul>
  </li>
  <li><b>unauthorized directory</b><ul>
    <li><a href="unauthorized/unauthorized.cs">unauthorized.cs</a><ul>
    <li>The source code for the unauthorized application.</li>
  </ul>
    </li>
    <li>unauthorized.snk<ul>
    <li>The key file for the unauthorized application. This key is 
    different from that for the authorized application and it will not be 
    granted permission for the myperm custom permission.</li>
  </ul>
    </li>
  </ul>
  </li>
</ul>

  </li>
</ul>


<p>The build output location is %_NTTREE%\samples\security\permissions.&nbsp; 
The following is a list of files output from the build of this sample:</p>


<ul>
  <li>authorized.exe<ul>
    <li>An executable assembly that will be authorized to use the custom 
    permission.</li>
  </ul>
  </li>
  <li>myperm.dll<ul>
    <li>A library assembly that implements a custom permission.</li>
  </ul>
  </li>
  <li>namestore.dll<ul>
    <li>A library assembly that is used by both the authorized and unauthorized 
    applications.</li>
  </ul>
  </li>
  <li>unauthorized.exe<ul>
    <li>An executable assembly that will not be authorized to use the custom 
    permission.</li>
  </ul>
  </li>
</ul>


<h2>Building the Sample</h2>


<p>All samples are built from the buildall script.&nbsp;  </p>


<p>You can also build all the 
samples by switching to the root of the sample directory, sscli20\samples, and typing 
<code>build -c</code>.</p>


<p>You can build this specific sample  by switching to the sample directory and typing 
<code>build -c</code>.</p>


<h2>Running the Sample</h2>


<p>These steps require that the Shared Source CLI (SSCLI) be already built and 
functional.</p>


<ol>
  <li>Run  env.bat. </li>
  <li>Switch&nbsp;directories to the %_NTTREE%\samples\howto\security\permissions directory and run both the 
  authorized and unauthorized application assemblies before any security 
  permissions have been changed.&nbsp; Both executable assemblies should run identically and 
  allow access  to the names.txt file for both reading and modifying.<blockquote>
    <pre>    clix authorized.exe
    clix unauthorized.exe</pre>
  </blockquote>
  </li>
  <li>Run the setpolicy.bat file on Microsoft Windows&reg;.&nbsp; This will change the default user 
  permissions from FullTrust to Everything.&nbsp; The Everything permission is more restrictive 
  than FullTrust and will demonstrate the desired functionality.&nbsp; The 
  script will also install the myperm custom permission and set the authorized 
  application as allowed to assert the myperm custom permission.</li>
  <li>Run the authorized application assembly using the clix launcher.&nbsp;It 
  should allow access to both read and modify the names.txt file.</li>
  <li>Run the unauthorized application assembly using the clix launcher.&nbsp;It should fail to start 
  and generate a security exception from the NameStore instance 
  constructor.</li>
  <li>Run the exclusive.bat batch file on Windows. This will change the permissions behavior to 
  Exclusive 
  which means that no default permissions will be granted.</li>
  <li>Run the authorized application.&nbsp; It will be allowed to read the 
  names.txt file but not modify it.&nbsp;This is because the  GetNames() 
  method asserts the FileIOPermission for the calling application, but the 
  AddName method does not and will fail.</li>
  <li>When you finish running the sample, reset the security environment 
  to the default state using the Code Access Security Policy tool:</li>
</ol>

<blockquote>
  <blockquote>
    <pre>clix %_NTTREE%\caspol -q -reset</pre>
  </blockquote>
</blockquote>


<br>


<hr>


<p><i>Copyright (c) 2006 Microsoft Corporation. All rights reserved.</i></p>
</body> 
</html>